VW and the fickle finger of fate

16 December 2005

Volkswagen’s weird lightweight diesel sports concept, EcoRacer, has collected together a few currently promising technologies in its cockpit, not the least of which is the use of fingerprint biometrics to unlock the “sports” driving profile.

As VW says, “If, for instance, your 18-year-old son or daughter with little driving experience wants to drive the EcoRacer, it is possible to activate a mode in which the sports car does not develop its full power, the top speed is electronically reduced, and ESP is always active.”

This sounds wise enough, but in fact biometrics are not really reliable enough for a safety-related control system. As one recent article highlights, many fingerprint readers can be fooled with relatively crude replica fingers made out of readily available materials such as Play-Doh.

As any computer security expert will happily confirm, all access control systems rely on one or more of only three different kinds of security measures, called factors: something you have (like a key); something you know (like a PIN or a password); and something specific to you as a person (a biometric measure like a fingerprint).

Security systems that use only one factor – a key, for example – are generally considered weak, since an attacker has to breach only one defence. Combining two factors is better - it may be easy to steal a key, but may be much harder to steal a key and then to guess a password. This is why the UK has recently moved to chip and PIN to cut down credit card fraud.

Relying on a single-factor biometric control is not too clever, given the current state of the art in peering at fingertips. Fortunately the EcoRacer is not a production vehicle, nor is it likely to become one with all its bells and whistles intact. Which is a good thing for those with 18-year-old offspring to protect.